Detection Models

Detection Modeling is the act of using logic to find suspicious instruments and entities by flagging fraudulent transactions.

When transactional information is sent to Unit21, agents can create models (rules) to find the phony transactions that generate alerts for investigative review.

Models (rules) can be found on the Detection Models page. On this page you can view active models, validate models, create new models, shadow models and more.

Model (Rule) State:

StateValidated?Executing?Generating Alerts?

Live Models are the default active tab and are the models that are actively running and generating alerts:


The Validating Models tab shows model that have been created and validated (against past transactions) but are not live:


The Shadow Models tab are live models that run but don't generate alerts (they are used to validate rule logic against new transactions):


In the Live Models tab you can select any currently active model to view its performance in the Rule detail page:


The information on the page includes alerts triggered, the number of times it ran, what the rule logic is and more.

There are also 3 actionable options for live models:

  1. Execute Model - This runs an external model (this button won't do anything for models with execution windows)
  2. Archive Model - This turns off the model (it will no longer create alerts)
  3. Duplicate Model - This duplicates the model (it is the only way to make changes to a model)

Create Models (Rules):

To create models (rules), Unit21 offers two solutions:

  • Scenario Models are rules that are created from scenarios like layering, structuring, insider trading or dormant activity. You pick the scenario you want and customize it to create a rule like find a user who has been dormant for 30 days and suddenly makes a transaction larger than 10 thousand dollars.
  • Dynamic models are created using Variables and Trigger Conditions. It works a lot like excel where you can write your own formulas. You could create a variable that sums all the transactions for a user for the week with a trigger condition that sends an alert if that sum exceeds 25 thousand dollars. Formulas can be as complex as you want.